CISO Conversations: Tarah Wheeler – Cybersecurity Leader & Innovative Thinker
Tarah Wheeler serves as chief information security officer at TPO Group, an organization specializing in cybersecurity consulting for high-stakes entities including critical infrastructure providers and federal agencies.
Tarah Wheeler’s Career and Background
Tarah Wheeler serves as chief information security officer at TPO Group, an organization specializing in cybersecurity consulting for high-stakes entities including critical infrastructure providers and federal agencies. Her career trajectory diverged from conventional paths, marked by an unexpected entry into the field. “I absolutely did not choose this career on purpose,” she explained. “I fell backwards into it. It felt like the industry dragged me into an alley, hit me over the head, and declared me one of its own.” This metaphor, while vivid, aligns with her perspective on the field’s immersive nature.
Unexpected Entry into Cybersecurity
“I absolutely did not choose this career on purpose,” she explained. “I fell backwards into it. It felt like the industry dragged me into an alley, hit me over the head, and declared me one of its own.” This metaphor, while vivid, aligns with her perspective on the field’s immersive nature.
Academic and Professional Foundations
Born in Washington, Wheeler is currently pursuing studies at Oxford University in the UK. Her professional identity is deeply rooted in social science and writing, which she views as complementary to cybersecurity. “Cybersecurity offers a unique lens to observe human behavior when individuals believe they are unobserved, allowing for data collection on such interactions,” she noted. This interdisciplinary approach has shaped her career, blending technical expertise with analytical insights.
Roles and Contributions
Wheeler’s roles have spanned red teaming, purple teaming, SecOps, and physical, digital, and social cybersecurity. She now focuses on risk and compliance, emphasizing the scalability of human behavior impacts. “Compliance policy is how you influence the actions of 50,000 individuals to improve security practices,” she said. Wheeler’s academic and professional contributions extend beyond technical roles. She authored a 2018 Foreign Policy article titled *In Cyberwar, There Are No Rules* and wrote *Women in Tech: Take Your Career to the Next Level with Practical Advice and Inspiring Stories*.
Policy and Technical Experience
Her policy work includes collaborations with institutions such as the Council on Foreign Relations and Harvard’s Belfer Center. Her technical experience spans roles at Microsoft, Silent Circle, Symantec, and Splunk, leading to leadership positions including CISO at Red Queen Technologies and TPO Group. A pivotal moment in her career was her testimony before the U.S. Senate Committee on Homeland Security & Governmental Affairs in 2024 during a hearing on the Cyber Safety Review Board.
Key Insights and Philosophy
Wheeler’s definition of a hacker emphasizes skill sets rather than moral judgments. Drawing from *A Hacker Manifesto* by McKenzie Wark and the 1995 film *Hackers*, she distinguishes between individuals who use technical abilities for constructive purposes and those who exploit them for harm. “Hacking is a survival trait—identifying system fragility and choosing to either exploit or safeguard it,” she said. Leadership, she argues, hinges on ego management. “The ability to prioritize others’ success over personal recognition defines effective leadership,” she stated.
Interdisciplinary Perspectives
Her cross-disciplinary interests, such as her work as a student pilot and motorcyclist, enhance her perspective. “Flying a plane or riding a motorcycle demands precision and focus, mirroring the criticality of cybersecurity decisions,” she noted. Burnout, she believes, stems from systemic issues rather than individual shortcomings. “Modern capitalism creates inescapable pressures, from financial obligations to immigration constraints,” she said. Addressing burnout requires systemic solutions, not superficial remedies like self-care advice.
Current Concerns and Vision
Wheeler’s advice to aspiring professionals includes embracing failure as a learning tool. “I’ve failed seven out of ten attempts, but each failure refined my approach,” she said. She also highlights the importance of learning from mentors, citing Jon Callas, co-founder of PGP Corporation, as a key influence. Her current concerns center on the lack of verifiable data in cybersecurity. “We lack industry benchmarks and statistical frameworks, leading to reliance on marketing and media narratives,” she said.
Call for Data-Driven Foundations
The erosion of institutions like NIST, which she describes as a “last bastion of irrefutable evidence,” exacerbates this issue. Recent workforce reductions at NIST, including over 700 job cuts since 2025, have further weakened its capacity to provide authoritative guidance. Wheeler’s vision for the future emphasizes the need for a centralized cyber statistics agency to establish factual foundations for decision-making. “Without reliable data, we risk building knowledge on hype rather than evidence,” she warned.
“Cybersecurity offers a unique lens to observe human behavior when individuals believe they are unobserved, allowing for data collection on such interactions,” she noted.
Wheeler’s insights underscore the critical intersection of technical expertise, policy, and human behavior in shaping cybersecurity’s evolving landscape.
